[master]Problem with acl #204

Closed
n1c01a5 opened this Issue Jun 10, 2012 · 2 comments

Contributor

n1c01a5 commented Jun 10, 2012

I would like only the user (or an admin) who creates a comment to be able to modify it. I followed steps 7-8 in the documentation about ACL and added acl to my config, but it does not work.

My config.yml:

# FOSCommentBundle
fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\CommentBundle\Entity\Comment
            thread: Application\CommentBundle\Entity\Thread
    acl: true
    service:
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_USER
            delete: ROLE_ADMIN
        thread:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN

The author of the comment is identified but he can modify all the comments.

Any idea?

Owner

merk commented Jun 12, 2012

ROLE_USER indicates that the user is able to edit any comment if they have this role. It does not contain additional logic to check for ownership.

The Role implementation for CB does not support checking for ownership at this time.

You will need to either implement your own classes implementing Acl/*AclInterface.php classes to add this check, or use the Symfony Security ACL system which will store the ownership records.

merk closed this Jun 12, 2012
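
The custom-class route from the reply above, as an added example that is not the bundle's code or anyone's post in this thread: a decorator around the role-based comment ACL that adds the missing ownership check to `canEdit`. The class name and namespace are hypothetical, the method list is assumed to match the bundle's `Acl/CommentAclInterface.php`, and `SecurityContextInterface` assumes Symfony 2.x (later versions split the same calls between `TokenStorageInterface` and `AuthorizationCheckerInterface`).

```php
<?php
// Added example, not FOSCommentBundle code; OwnerCommentAcl is a hypothetical name.
namespace Application\CommentBundle\Acl;

use FOS\CommentBundle\Acl\CommentAclInterface;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class OwnerCommentAcl implements CommentAclInterface
{
    private $inner;    // the role-based ACL being decorated
    private $security;

    public function __construct(CommentAclInterface $inner, SecurityContextInterface $security)
    {
        $this->inner = $inner;
        $this->security = $security;
    }

    public function canEdit(CommentInterface $comment)
    {
        // Role check first (edit: ROLE_USER), then the ownership check it lacks.
        return $this->inner->canEdit($comment) && $this->isOwnerOrAdmin($comment);
    }

    private function isOwnerOrAdmin(CommentInterface $comment)
    {
        $token = $this->security->getToken();
        if (null === $token) { return false; }                          // no security context: deny
        if ($this->security->isGranted('ROLE_ADMIN')) { return true; }  // admins may edit any comment
        $user = $token->getUser();
        // Anonymous tokens carry a string user and unsigned comments have no author: deny both.
        if (!$user instanceof UserInterface || !$comment instanceof SignedCommentInterface) { return false; }
        $author = $comment->getAuthor();
        return $author instanceof UserInterface && $author->getUsername() === $user->getUsername();
    }

    // Everything else is delegated unchanged to the role-based ACL.
    public function canCreate() { return $this->inner->canCreate(); }
    public function canView(CommentInterface $comment) { return $this->inner->canView($comment); }
    public function canReply(CommentInterface $parent = null) { return $this->inner->canReply($parent); }
    public function canDelete(CommentInterface $comment) { return $this->inner->canDelete($comment); }
    public function setDefaultAcl(CommentInterface $comment) { $this->inner->setDefaultAcl($comment); }
    public function installFallbackAcl() { $this->inner->installFallbackAcl(); }
    public function uninstallFallbackAcl() { $this->inner->uninstallFallbackAcl(); }
}
```

Registered as a service with `fos_comment.acl.comment.roles` injected as the inner ACL, its service id would replace that value under `service: acl: comment:` in the config shown in the issue.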

ConneXNL commented Nov 2, 2015

I just came across this problem. Is there an integrated solution or example of that yet?
